Robert Speicher
|
4642ca6686
|
Use `empty_project` where possible in controller specs
|
2017-01-25 17:14:38 -05:00 |
Felipe Artur
|
781cca8d45
|
Fix redirect after update file when user has forked project
|
2016-12-29 21:11:34 -02:00 |
James Lopez
|
280afe0a64
|
fix blob controller spec failure - updated not to use file-path-
|
2016-11-29 10:40:56 +01:00 |
Douwe Maan
|
742cee756b
|
Merge branch 'jej-22869' into 'security'
Fix information disclosure in `Projects::BlobController#update`
It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
- [x] Added for this feature/bug
- [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
https://gitlab.com/gitlab-org/gitlab-ce/issues/22869
See merge request !2023
|
2016-11-28 21:25:18 -03:00 |
Semyon Pupkov
|
40fa1b6e6f
|
Use user from let instead recreate in before
|
2016-10-09 20:31:28 +05:00 |
Ruben Davila
|
7627cc1989
|
Validate presence of essential params for diff rendering
This will avoid application errors generated by the assumption of the
presence of these params.
|
2016-06-24 16:20:53 -05:00 |